
Re: [FW-1] SecureClient and NAT at Client end



Hi!

> I was under the understanding that NAT and SecureClient would not
> successfully work without making some changes to the Objects.C and
> Userc.C files to enable UDP Encapsulation, however that does not
> appear to be the case.

Quoting http://www.phoneboy.com/faq/0141.html
--------------------------
By default, FireWall-1 4.1 SP2 and later that has had
these changes made will invoke this mode if the UDP
port 500 packet coming from the SecuRemote client has
a source port that is not port 500. This mode can be
forced on the client by going into userc.C on the
Secure Client and adding the following under the
options section: .......
---------------------------

Usually, by doing NAT, the source port of the UDP
packet will be changed by the NATing device. So the
UDP encapsulation mode will be invoked automatically.


> Here is my set-up:
>         Firewall running 4.1 SP4
>         Clients running SecureClient 4.1 SP4 build 4188
>
> On my Firewall, my encryption domain is defined by a group of network
> objects which include the specific 192.168.x.0 networks used within the
> company.  In the Userc.C file I see these specific networks defined.
>
> Here are the situations:
>
> 1 user has set-up Microsoft Internet Sharing on his home network.  When he
> has the default network, 192.168.0.x in use, the VPN connections to the
> company failed.  However when he changed the internal network to 10.0.0.x
> the VPN connection was successful.
>
> A second user has a Linksys Router inside his ADSL modem for his internal
> network, using Hide NAT.  Again if he used the default 192.168.1.x network
> for his internal network the VPN failed, however when he changed it to
> 10.0.0.x the VPN connection succeeded.

Hmm...
At first look, I'd say that it looks like a wrong
subnet mask?
        --> Take a quick look into the userc.C file of the
SecuRemote client, and check for the definition of the
encryption domain.
        (BTW: did the encryption/authentication/connection to
the firewall fail, or did the client not even try to
authenticate to the firewall?)


Hope this helps

Michael
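
Added example, not part of the original message or of Check Point's tooling: a Python check for the subnet-mask suspicion raised in the reply, testing whether any encryption-domain entry overlaps the client's own LAN. The function name, the domain entries and the masks are constructed for illustration; the page only says the domain holds "specific 192.168.x.0 networks".

```python
import ipaddress

def domain_conflicts(encryption_domain, client_lan):
    """Return encryption-domain networks that overlap the client's local LAN.

    encryption_domain: iterable of (address, netmask) pairs as read by hand
    from the client's topology definition.
    client_lan: the client's own subnet, e.g. "192.168.0.0/24".
    """
    lan = ipaddress.ip_network(client_lan, strict=False)
    hits = []
    for addr, mask in encryption_domain:
        # strict=False clears host bits, so a /24 address paired with a
        # 255.255.0.0 mask is evaluated as the /16 it really describes.
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if net.overlaps(lan):
            hits.append(net)
    return hits

# Constructed sample data (assumption, not taken from the thread).
INTENDED = [("192.168.10.0", "255.255.255.0"), ("192.168.20.0", "255.255.255.0")]
TOO_WIDE = [("192.168.10.0", "255.255.0.0"), ("192.168.20.0", "255.255.0.0")]

# Home networks mentioned in the thread, assuming /24 defaults.
HOME_LANS = ["192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/24"]

def report(domain):
    """Map each home LAN to the list of overlapping domain networks."""
    return {lan: [str(n) for n in domain_conflicts(domain, lan)]
            for lan in HOME_LANS}

if __name__ == "__main__":
    for label, domain in (("intended masks", INTENDED), ("too-wide masks", TOO_WIDE)):
        print(label)
        for lan, hits in report(domain).items():
            status = "OVERLAP with " + ", ".join(hits) if hits else "no overlap"
            print(f"  {lan:<16} {status}")
```

With the too-wide masks, both 192.168.0.x and 192.168.1.x fall inside the domain while 10.0.0.x does not, which matches the pattern of failures reported in the quoted message.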


   All contents © 2004 Network Presence, LLC. All rights reserved.